Releasing a security patch is common practice for top-tier technology providers, aimed at ensuring that their products and hardware can offer the best and most secure experience for users. However, when multiple patches are released over a short period of time, it can quickly catch the attention of the entire tech industry.
This is recently what took place in connection with Intel CPU hardware, where multiple platform providers are currently working to roll out updates to prevent a newly-discovered flaw from being leveraged for malicious purposes. Unfortunately, despite the critical need for this patch, the resulting update could heavily impact the performance of systems supported by the affected Intel CPU hardware.
What exactly happened?
According to several different sources, the CPU bug in need of this potentially performance-hampering patch was discovered by programmers working on the Linux kernel. The flaw itself is in the design of the CPU, and, as Game Debate contributor Jon Sutton explained, the hardware issue could create opportunities for malicious activity, particularly when it comes to cloud and web host service provider systems.
“The hardware bug causes an Intel CPU to prefetch system memory areas and gain control of any application, in theory allowing for a VM on shared hosting to read and write over another VM,” Sutton wrote. “Breaking out of the confines of virtual machines hosted at cloud providers could prove hugely damaging.”
Due to the severity of the threat and the potential for it to impact so many cloud and website hosting service users, Intel attempted to embargo details about the flaw to prevent hackers from leveraging it in a harmful manner. At the same time, though, several system patches being released for Linux – as well as an upcoming Microsoft patch – had many technology experts taking a closer look at the updates.
“Patches typically take months of development and discussion before they’re pushed out, but here we have multiple patches being pushed in double quick time,” Sutton wrote. “The theory is that these patches are being released to prevent the security vulnerability in Intel processors.”
The performance issue
However, the mere existence of this flaw isn’t the only issue at hand – once the updates are put in place within Linux and Windows systems supported by the Intel CPU hardware, the platforms will take a hit in terms of performance capability. According to The Register contributors John Leyden and Chris Williams, while experts are still working out exactly how severe the slowdown will be for individual systems, many note the update could result in a 5 to 30 percent reduction in performance.
The patches are set up to create a clearer separation between the CPU and the kernel in order to address the flaw and prevent it from being misused by malicious actors.
“The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware,” Leyden and Williams explained. “These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer. Your Intel-powered machine will run slower as a result.”
What’s next?: Updating and monitoring performance
“The update could result in a 5 to 30% reduction in performance.”
A widespread vulnerability of this kind is never good news for the industry, but many providers including Linux, Windows and IBM are working quickly to create the appropriate patches. What’s more, there are currently no known cases of this issue being used for malicious purposes.
Organizations that rely on Intel CPU equipment within their infrastructure should remain aware of the release of any associated updates and patches, and put these in place as soon as possible. As IBM pointed out, organizations must have the right firewall and security protections in place within the critical infrastructure to further prevent any risks.
It’s also imperative, due to the potential for performance slowdowns, that businesses and their IT stakeholders have as much visibility into their infrastructure as possible. In this situation, few tools provide more value than an infrastructure performance monitoring suite like Galileo Performance Explorer.
Galileo offers an in-depth, granular look at the performance and capacity of the critical systems that make up the overall infrastructure, including storage, SAN, servers, database and cloud environments. In this way, even when a performance-impacting issue comes up, the IT team has the insight it needs to address these problems head-on.
To find out more, connect with the experts at Galileo Performance Explorer today.